This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Firewall Application Rules

This Article Applies to:

  • Avast Business Hub

 

Application Rules are specifically meant to control the access for various applications that may run on your devices. You can choose whether connections for applications with no defined rules are auto-decided by the Firewall, chosen by the user, or allowed/disallowed in the drop-down menu. We recommend you ensure these rules are controlled by your console for maximum security across your network.

Default Application Rules

Each policy contains default application rules to allow common applications to communicate properly. You can modify or delete these rules as you wish in order to change how the listed application communicates.

When making configuration changes, pay attention to the application path listed in the default rule. The path defined in the console should match the path on the client side.

Adding Application Rules

  1. Click on the name of the policy you would like to alter
  2. Navigate to Service Settings ▸ Firewall ▸ expand Firewall Settings ▸ Firewall rules ▸ Application rules
  3. Click + Add application rule
  4. Fill out the full application name and path
  5. Select what connections are allowed: Internet in only, Internet out only, all, or no connections
    1. You can also select custom rules for various ports and protocols by clicking Custom, then adding or altering the packet rules in the table
  6. Click Add application rule
  7. Click Save in the bottom-right corner when you are done adding rules

Policy vs. Client Settings

The policy settings for what connections are allowed are named differently on the client.

Policy Setting Client Setting
Auto-decide Smart Mode
All connections Allow
No connections Block
Ask user Ask

Custom Application Rules

  1. Click the pencil icon to the right of the application name to edit the rule
  2. In the Allow column, click Custom in the drop-down menu
  3. Click + Add packet rule
  4. Fill out the following:
    • Rule name
    • Action: allow or block
    • Protocol
    • Direction
    • IP Address
    • Local Port
    • Remote Port
    • Profile
  5. Click Add packet rule
  6. Click the save icon in the table
  7. Click Save in the bottom-right corner when you are done adding rules

Environment Variables

Firewall will not allow entire directories/folders nor accept wildcards (such as * or ?), but you may use the below system variables for specific filenames.